DETAILED ACTION

This action is responsive to the arguments filed 17 March 2008. Claims 2, 3, and
8 were previously cancelled. Claims 1, 4-7, and 9-12 are currently pending.

Response to Arguments 

Applicant's arguments filed 17 March 2008 have been fully considered but they 
are not persuasive. 

Applicant first argued that, with respect to claim 1, Patrick does not disclose the 
limitation "...mapping said authentication modules...". Applicant further argued that 
Patrick "associates one or more principals with the subject upon successful 
authentication," which is "not analogous to the recited step of mapping authentication 
modules... because relevant principals are associated with a subject only if the required 
login modules succeed in authentication." The examiner respectfully disagrees, noting 
that column 3, lines 1-3 state that "LoginContext 102 can consult configuration 106 to 
determine which specific login modules 110-118 to invoke in performing authentication
of a subject." This implies that the configuration 106 stores a previously determined 
mapping of subjects to required modules. 

Applicant then argued, with respect to claim 7, that Ferchichi fails to disclose, 
teach, or suggest "means... for sending an authenticating domain identifier to an 
authentication server, wherein said authenticating domain identifier comprises an 
application service identifier." Applicant further argued that Ferchichi discloses a single 
sign-on module realized as a software module, but not a plurality of software modules, 
and thus cannot use an applications service identifier as claimed. The examiner
respectfully disagrees, noting that ¶56-84 specify a plurality of authentication
mechanisms stored in the smart card depicted in figure 13. Because a smart card is 
essentially just a processor and memory device in a card form, these authentication 
mechanisms must be software modules (i.e. a plurality of software modules). 
Furthermore, as the applicant pointed out that a single software module cannot use an 
application service identifier, the opposite must also be true; a plurality of software 
modules, such as those taught by Ferchichi, can use application service identifiers.

Claim Rejections - 35 USC § 102

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim 1 rejected under 35 U.S.C. 102(e) as being anticipated by Patrick, U.S. 
7,017,051. 

As per claim 1, Patrick discloses a method of authenticating end-user clients
requiring access to services available in a computer-based communication system, 
comprising the steps of: 

a) at an authentication server connected in said communication system, defining 
a list of authentication modules available in said communication system, and mapping 
said authentication modules to authenticating domain identifiers associated to end-user 
clients of said authentication server wherein said authenticating domain identifiers each 
comprise an application service identifier (2:60-67, 3:1-3, 8:39-53); 

b) sending, by an end-user client, respective authentication domain identifier to 
said authentication server (3:5-7, 10:56-59); 



Application/Control Number: 10/699,665 Page 4 

Art Unit: 2132 

c) creating, by the authentication server and depending on the authentication 
domain identifier, an authentication stack specific to said end-user client, said stack
comprising one or more stack entries, each mapped to a respective authentication
module (3:18-34); 

d) rendering, for each stack entry and depending thereon, an authentication 
service provided at said respective authentication module to produce an authentication 
result for that entry (3:35-45); and 

e) consolidating authentication results to obtain an authentication status for the 
end-user client (9:32-50).

Claims 7, 10 and 11 are rejected under 35 U.S.C. 102(a) and 35 U.S.C. 102(e) 
as being anticipated by Ferchichi et al. U.S. Patent Publication No. 2003/0012382 A1, 
(hereinafter "Ferchichi"). 

Regarding claim 7: Ferchichi discloses a method (Title) and system ([0048] 
module can include hardware and software) respectively, of authenticating an end-user
client in a computer-based communication system comprising the steps of: 

a) sending, by the end-user client, an authenticating domain identifier to an 
authentication server, wherein the authenticating domain identifier comprises an 
application service identifier ([0012] - [0015] request);

b) creating, by the authentication server and depending on the authentication 
domain identifier, an authentication stack comprising one or more stack entries ([0012] 
- [0015] store request);

c) rendering, for each stack entry and depending thereon, an authentication
service to produce an authentication result for that entry ([0012] - [0015] check
authentication mode); and 

d) consolidating authentication results to obtain an authentication status for the 
end-user client ([0221] synchronization status). 

Regarding claims 4 and 10: Ferchichi discloses that the authentication service 
includes local and remote services ([0049] - [0050] local authentication via single sign 
on module required for authentication for remote access). 

Regarding claims 5 and 11: Ferchichi discloses that the local and remote
services include biometric schemes ([0048] - [0050]), cryptographic hardware services 
([0048] and [0064] cryptographic hardware), smart cards ([0048] - [0050]), and USB 
tokens ([0061] token).

Claim Rejections - 35 USC § 103

Claims 4 and 5 rejected under 35 U.S.C. 103(a) as being unpatentable over
Patrick in view of Ferchichi. 

Regarding claim 4: Patrick substantially teaches local authentication services, but 
fails to disclose remote services (3:35-45). However, Ferchichi discloses that the 
authentication service includes remote services ([0049] - [0050] local authentication via 
single sign on module required for authentication for remote access). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's invention to 
substitute a remote authentication service for a local authentication service.

Regarding claim 5: Patrick fails to disclose local and remote authentication
services including biometrics, cryptographic hardware, smart cards and USB tokens. 
Ferchichi discloses that the local and remote services include biometric schemes 
([0048] - [0050]), cryptographic hardware services ([0048] and [0064] cryptographic 
hardware), smart cards ([0048] - [0050]), and USB tokens ([0061] token). It would have
been obvious to utilize biometric schemes, cryptographic hardware services, smart 
cards and USB tokens as authentication services since, used on their own, they would 
yield the same result. Therefore, the combination of Patrick and Ferchichi would yield 
predictable results. 

Claim 6 rejected under 35 U.S.C. 103(a) as being unpatentable over Patrick in 
view of Saigo et al. (Saigo), U.S. Patent No. 6,587,880. 

Regarding claim 6: Patrick fails to teach a method comprising sending a unique 
session identifier to the end-user client responsive to an authentication status 
corresponding to a successful authentication. However, Saigo discloses transmitting a 
session identifier to the user upon successful authentication (8:52-67). It would have 
been obvious to combine the inventions of Patrick and Saigo since transmitting a 
session identifier to the user upon successful authentication yields the same result of an 
authenticated user obtaining a session identifier. 

Claims 9 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Ferchichi in view of Shimada et al., U.S. Patent Publication No. 2003/0154373 A1,
(hereinafter "Shimada").

Regarding claim 9: Ferchichi does not disclose that the authentication server,
dependent on the application ID, retrieves a configuration specifying authentication 
application, which configuration is used for creating the authentication stack. 

Shimada discloses that the authentication server, dependent on the application 
ID, retrieves a configuration specifying authentication application, which configuration is 
used for creating the authentication stack ([0040] configuration depends on application 
and device). 

Therefore, it would have been obvious to one skilled in the art at the time of the 
invention to modify Ferchichi by application dependent parameters as taught by 
Shimada in order to enable services to operate on a variety of platforms (see Shimada
[0040]). 

Regarding claim 12: Ferchichi does not disclose that, responsive to an 
authentication status corresponding to a successful authentication, a unique session ID 
is sent to the end-user client. 

Shimada discloses that, responsive to an authentication status corresponding to 
a successful authentication, a unique session ID is sent to the end-user client ([0457] 
session ID associated with user). 

Therefore, it would have been obvious to one skilled in the art at the time of the 
invention to modify Ferchichi by application dependent parameters as taught by 
Shimada in order to enable services to operate on a variety of platforms (see Shimada
[0040]).

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to VIRGIL HERRING whose telephone number is 
(571)272-8189. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on (571) 272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Virgil Herring 
Examiner 
Art Unit 2132
Examiner, Art Unit 2132
/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



